Luke Dashjr, one of the original core creators of Bitcoin, claimed that a hack that happened right before the new year cost him “essentially” all of his BTC.
The developer claimed in a tweet on 1 January that the suspected hackers had acquired access to his PGP (Pretty Good Privacy) key. This popular security technique employs two keys to access encrypted data.
He did not say how much of his BTC was taken overall; instead, he revealed a wallet address where some of the stolen BTC had been transmitted. The wallet address in question currently shows four transactions between 2:08 and 2:16 UTC on 31 December totaling 216.93 BTC, or $3.6 million at the time of writing.
So, what happened?
Despite Dashjr’s claim that he had “no idea how” the attackers got their hands on his key, several members of the community have suggested a connection with an earlier tweet he had published on 17 November in which he stated that his server had been infected by “new malware/backdoors on the system.”
PSA: My PGP key is compromised, and at least many of my bitcoins stolen. I have no idea how. Help please. #Bitcoin
— @LukeDashjr@BitcoinHackers.org on Mastodon (@LukeDashjr) January 1, 2023
In his most recent Twitter thread, Dashjr stated that he was just made aware of the current hack after receiving letters from Coinbase and Kraken regarding failed login attempts.
Changpeng “CZ” Zhao, the CEO of Binance, was also made aware of the situation and he expressed his sympathy and support in a post on 1 January. He said:
“Sorry to see you lose so much. Informed our security team to monitor. If it comes our way, we will freeze it. Please let us know if we can help with anything else. We deal with these often, and have Law Enforcement (LE) relationships worldwide.”
In parallel, Chinese Journalist Colin Wu confirmed that “more than 200 Bitcoins” were engaged in the breach. Wu further affirmed Dashjr’s statement that “part of it is conjoined” by saying, “Some of them have been mixed.”
The reason behind it?
Some members of the crypto community have hypothesized that the loss may have been caused by shoddy security.
The Bitcoin developer Dashjr may not have taken the 17 November security breach “seriously enough,” according to a Reddit user going by SatStandard, who later claimed that Dashjr “did not keep distinct operations isolated.”
Others, though, seem to imply that it wasn’t a hack at all and that the seed word was either accidentally discovered or involved in a “boating mishap” just in time for tax season.
In this context, the term “boating accident” refers to a recurring joke and meme about people trying to avoid paying taxes by claiming they lost all their Bitcoin in a “tragic boating accident,” which was first popularised by gun enthusiasts.
The news has also sparked a discussion about self-custody, which has been a hot topic since FTX’s demise last year.
“Sad to see even an OG #Bitcoin Core Developer lost 200+ BTC ($3.5 million),” wrote Binance’s Zhao, who had previously warned the cryptocurrency community about self-custody. A unique set of hazards are associated with self-custody.